If your answer was "Facebook on Android and iOS smartphones are even more insecure," you win. Take the weekend off.

Extra points if you added expletives for emphasis. Level up if your answer was: "Therefore, Socrates is a cat."

Today's sadly obvious (in retrospect) revelation about smartphone insecurity is that the Facebook apps running on Android and iOS do not encrypt user login credentials either while they're stored on the phone or while they're being broadcast across Wi-Fi or cell networks as their users log in, according to a British developer who builds apps on both iOS and Android.

When users log in using the Facebook app for iOS or Android, the app creates a set of "temporary" credentials that it stores in an unencrypted, unsecured property list (.plist) file accessible to anyone with physical access to the device or to any apps running on it, according to designer and developer Gareth Wright, who discovered the flaw and blogged about it April 3.

Some iOS games do the same thing, but use iOS security to keep data on high scores from being released and only store user data for 60 days, according to The Register.

Facebook is more liberal; it defines "temporary" as lasting until the year 4001.

The Facebook app stores user data in a .plist, which is protected on Android only if the user is far more strict in permissions granted to other apps than is usual.

Wright wrote a proof-of-concept app designed to scarf up as many .plists as possible, collecting more than 1,000 before taking his findings to Facebook with a warning about the security flaw.

Facebook is aware of the problem and is working on a fix, Wright found after warning it about his findings.

Here is Facebook's official response: "We have noticed several articles claiming your Facebook account is at risk if you use Facebook for iOS or Android. This is NOT true.

Facebook's iOS and Android applications are only intended for use with the manufacturer-provided operating system, and access tokens are only vulnerable if users have modified their mobile OS (i.e. jailbroken iOS or modded Android) or have granted a malicious actor access to the physical device. To protect yourself we recommend all users abstain from modifying their mobile OS to prevent any application instability or security issues." – Facebook response to iOS/Android app bug reports, April 5, 2012